Option to override recursive nameservers for propagation checks

context.go

@@ -48,6 +48,7 @@ func (c *Context) InitContext() {
 	certNameParam := getEnvOption("CERT_NAME", true)
 	timeParam := getEnvOption("RENEWAL_TIME", true)
 	providerParam := getEnvOption("PROVIDER", true)
+	resolversParam := getEnvOption("DNS_RESOLVERS", false)
 
 	if eulaParam != "Yes" {
 		logrus.Fatalf("Terms of service were not accepted")
@@ -58,6 +59,16 @@ func (c *Context) InitContext() {
 		logrus.Fatalf("Invalid value for DOMAINS: %s", domainParam)
 	}
 
+	dnsResolvers := []string{}
+	if len(resolversParam) > 0 {
+		for _, resolver := range listToSlice(resolversParam) {
+			if !strings.Contains(resolver, ":") {
+				resolver += ":53"
+			}
+			dnsResolvers = append(dnsResolvers, resolver)
+		}
+	}
+
 	c.CertificateName = certNameParam
 	c.RenewalTime, err = strconv.Atoi(timeParam)
 	if err != nil || c.RenewalTime < 0 || c.RenewalTime > 23 {
@@ -100,7 +111,7 @@ func (c *Context) InitContext() {
 		NS1ApiKey:            getEnvOption("NS1_API_KEY", false),
 	}
 
-	c.Acme, err = letsencrypt.NewClient(emailParam, keyType, apiVersion, providerOpts)
+	c.Acme, err = letsencrypt.NewClient(emailParam, keyType, apiVersion, dnsResolvers, providerOpts)
 	if err != nil {
 		logrus.Fatalf("LetsEncrypt client: %v", err)
 	}

letsencrypt/client.go

@@ -60,7 +60,7 @@ type Client struct {
 }
 
 // NewClient returns a new Lets Encrypt client
-func NewClient(email string, kt KeyType, apiVer ApiVersion, provider ProviderOpts) (*Client, error) {
+func NewClient(email string, kt KeyType, apiVer ApiVersion, dnsResolvers []string, provider ProviderOpts) (*Client, error) {
 	var keyType lego.KeyType
 	switch kt {
 	case RSA2048:
@@ -138,6 +138,10 @@ func NewClient(email string, kt KeyType, apiVer ApiVersion, provider ProviderOpt
 		client.ExcludeChallenges([]lego.Challenge{lego.TLSSNI01, lego.DNS01})
 	}
 
+	if len(dnsResolvers) > 0 {
+		lego.RecursiveNameservers = dnsResolvers
+	}
+
 	return &Client{
 		client:     client,
 		apiVersion: apiVer,